research-guide
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web via the `/sc:research` command and from local project configuration files without sanitization or boundary markers.
  - Ingestion points: Web research results from `/sc:research` and local dependency files like `package.json`, `Cargo.toml`, and `go.mod`.
  - Boundary markers: Absent; the instructions do not require the agent to use delimiters or to ignore instructions embedded within the research results.
  - Capability inventory: The skill has permissions to read local project files and write synthesis reports to the `claudedocs/` directory.
  - Sanitization: Absent; external content is processed and synthesized into documentation without validation.
- [Data Exposure] (SAFE): The skill reads project configuration files to identify the tech stack. While this involves reading local data, it is limited to public dependency manifests and is necessary for the skill's primary research purpose.
Audit Metadata